
From: Joel Vandal (jvandal_at_infoteck.qc.ca)
Date: Thu 10 Apr 2003 - 16:02:01 BST


IMHO, this is not a hole... only remove all /dev/[hs]d* devices... by
default, when you create a new vserver, the install script will remove all
/dev/* and create only a minimum set of devices.

In normal vserver operation, the root user will not be able to create new
devices (mknod).

--
Joel Vandal

----- Original Message -----
From: "DataKompaniet AS" <torrunes_at_datakompaniet.no>
To: <vserver_at_solucorp.qc.ca>
Sent: Thursday, April 10, 2003 9:44 AM
Subject: Re: [vserver] Security problem

> ----- Original Message -----
> From: "Herbert Poetzl" <herbert_at_13thfloor.at>
>
> > On Thu, Apr 10, 2003 at 04:17:12PM +0400, Alexander Alexandrov wrote:
> > > Inside the vserver I can read any block device such as /dev/hd*.
> > > I can't mount, but can do
> > > dd if=/dev/hda1 of=/tmp/hda1
> > >
> > > What way to solve this?
> >
> > *) remove the device node or
> > *) change the kernel code
>
> Is this hole still present on ctx-17 kernel?
>
> Best regards
> Tor Rune Skoglund
> torrunes_at_datakompaniet.no
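
Added example, not part of the original thread or the vserver project: a Python audit for the mitigation discussed above, reporting block device nodes and unexpected character devices left in a guest's /dev. The allowlist and the `/vservers/NAME/dev` path are assumptions, since the thread does not enumerate the minimum device set.

```python
import os
import stat
import sys

# Assumed allowlist for illustration; the thread does not list the
# "minimum set" of devices the install script creates.
ALLOWED = {"null", "zero", "full", "random", "urandom", "tty", "ptmx"}


def audit_dev(dev_dir, allowed=ALLOWED, lstat=os.lstat):
    """Return sorted (kind, path, major, minor) tuples for risky nodes.

    kind is "block" for any block device (raw disk readable with dd, as in
    the thread) or "unexpected-char" for a character device whose name is
    not in allowed. lstat is injectable so the logic can run without root.
    """
    findings = []
    for base, dirs, files in os.walk(dev_dir):
        for name in dirs + files:
            path = os.path.join(base, name)
            st = lstat(path)  # inspect the node itself, never a symlink target
            if stat.S_ISBLK(st.st_mode):
                kind = "block"
            elif stat.S_ISCHR(st.st_mode) and name not in allowed:
                kind = "unexpected-char"
            else:
                continue
            findings.append(
                (kind, path, os.major(st.st_rdev), os.minor(st.st_rdev))
            )
    return sorted(findings)


if __name__ == "__main__":
    # Usage: audit_dev.py /vservers/NAME/dev  (path layout is an assumption)
    results = audit_dev(sys.argv[1])
    for kind, path, major, minor in results:
        print(f"{kind:16} {path} ({major},{minor})")
    sys.exit(1 if results else 0)
```

Run it from the host against each guest's /dev; a non-zero exit status means at least one node needs review.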


Generated on Thu 10 Apr 2003 - 17:29:09 BST by hypermail 2.1.3